Search code examples
pkcs#11opensc

opensc-pkcs11 not getting any token

I am writing a sample program using opensc-pkcs11.so in redhat linux. This is for pure software implementation of AES encryption/decryption. I am not using for any card. My program intilizes the cryptoki successfully but giving CKR_TOKEN_NOT_PRESENT error. code snippet is given.

CK_FUNCTION_LIST_PTR pFunctionList; 
CK_C_Initialize pC_Initialize; 
CK_RV rv; 

rv = C_GetFunctionList(&pFunctionList); 
if(rv == CKR_OK)
pC_Initialize = pFunctionList -> C_Initialize; 

rv = (*pC_Initialize)(NULL_PTR);

    CK_ULONG ulSlotCount;
    CK_SLOT_ID_PTR pSlotList;

    CK_C_GetSlotList pC_GetSlotList;
    pC_GetSlotList = pFunctionList -> C_GetSlotList; 
    rv = (*pC_GetSlotList)(CK_FALSE, NULL_PTR, &ulSlotCount);

    /* Get list of all slots */
    //rv = C_GetSlotList(FALSE, NULL_PTR, &ulSlotCount);

    if (rv == CKR_OK) 
    {
        cout<<"ulSlotCount="<<ulSlotCount<<endl;
        pSlotList =
        (CK_SLOT_ID_PTR)
        malloc(ulSlotCount*sizeof(CK_SLOT_ID));
        //rv = C_GetSlotList(FALSE, pSlotList, &ulSlotCount);
        rv = (*pC_GetSlotList)(CK_FALSE, pSlotList, &ulSlotCount);
        if (rv == CKR_OK) 
        {
        /* Now use that list of all slots */
            l_lSlotId = pSlotList[0];
        cerr<<"lSlotId="<<l_lSlotId<<endl;


        }

        CK_SLOT_INFO slotInfo;
        CK_TOKEN_INFO tokenInfo;
        CK_C_GetSlotInfo pC_GetSlotInfo;
        pC_GetSlotInfo = pFunctionList -> C_GetSlotInfo;

        /* Get slot information for first slot */
        rv = (*pC_GetSlotInfo)(pSlotList[0], &slotInfo);
        fprintf(stderr, "pC_GetSlotInfo: rv = 0x%.8X\n", rv);
        if(rv == CKR_OK)
                   {
        /* Get token information for first slot */
            cerr<<"pC_GetSlotInfo OK"<<endl;

            CK_C_GetTokenInfo pC_GetTokenInfo;
            pC_GetTokenInfo = pFunctionList -> C_GetTokenInfo;
            rv = (*pC_GetTokenInfo)(pSlotList[0], &tokenInfo);
        }
        fprintf(stderr, "pC_GetTokenInfo: rv = 0x%.8X\n", rv);
        if (rv == CKR_TOKEN_NOT_PRESENT) 
        {
            cerr<<"CKR_TOKEN_NOT_PRESENT"<<endl;
        }

        free(pSlotList);
    }

Can anybody give idea about what is happening? I believe opensc-pkcs11 can be used for just software implementation also. Thanks in advance.

Solution

  • PKCS#11 library shipped with OpenSC acts "only as a driver" for a bunch of generally available cryptographic smart cards so unless you have a physical card reader connected to your computer it won't find any slots.

    If you are looking for a pure software PKCS#11 implementation then I believe you should pick one from these open source projects:

    1. Bouncy HSM
      HSM and smartcard simulator with HTML UI, REST API and PKCS#11 interface.

    2. SoftHSM
      Developed as a part of OpenDNSSEC project but not actively maintained anymore (as of 2024).

    3. NSS Internal PKCS#11 Module
      Software token with PKCS#11 interface used by Mozilla products (Firefox, Thunderbird etc.).

    4. OpenCryptoki
      PKCS#11 implementation which supports IBM cryptographic hardware but also contains software token.

    If none of them suits your needs then maybe you could use some general purpose cryptographic library such as OpenSSL, GnuTLS or Botan.